/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
* Certificate ID Object for OCSP
#include "pkix_pl_ocspcertid.h"
/* --Private-Cert-Functions------------------------------------- */
* FUNCTION: pkix_pl_OcspCertID_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
pkix_pl_OcspCertID_Destroy(
PKIX_PL_Object *object,
PKIX_PL_OcspCertID *certID = NULL;
PKIX_ENTER(OCSPCERTID, "pkix_pl_OcspCertID_Destroy");
PKIX_NULLCHECK_ONE(object);
PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPCERTID_TYPE, plContext),
PKIX_OBJECTNOTOCSPCERTID);
certID = (PKIX_PL_OcspCertID *)object;
CERT_DestroyOCSPCertID(certID->certID);
PKIX_RETURN(OCSPCERTID);
* FUNCTION: pkix_pl_OcspCertID_RegisterSelf
* Registers PKIX_PUBLICKEY_TYPE and its related functions
* with systemClasses[]
* Not Thread Safe - for performance and complexity reasons
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
pkix_pl_OcspCertID_RegisterSelf(void *plContext)
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(OCSPCERTID, "pkix_pl_OcspCertID_RegisterSelf");
entry.description = "OcspCertID";
entry.typeObjectSize = sizeof(PKIX_PL_OcspCertID);
entry.destructor = pkix_pl_OcspCertID_Destroy;
entry.equalsFunction = NULL;
entry.hashcodeFunction = NULL;
entry.toStringFunction = NULL;
entry.comparator = NULL;
entry.duplicateFunction = pkix_duplicateImmutable;
systemClasses[PKIX_OCSPCERTID_TYPE] = entry;
PKIX_RETURN(OCSPCERTID);
/* --Public-Functions------------------------------------------------------- */
* FUNCTION: PKIX_PL_OcspCertID_Create
* This function creates an OcspCertID for a given certificate,
* to be used with OCSP transactions.
* If a Date is provided in "validity" it may be used in the search for the
* issuer of "cert" but has no effect on the request itself.
* Address of the Cert for which an OcspCertID is to be created. Must be
* Address of the Date for which the Cert's validity is to be determined.
* Address at which the result is stored. Must be non-NULL.
* Platform-specific context pointer.
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* Returns NULL if the function succeeds.
* Returns an OcspCertID Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
PKIX_PL_OcspCertID_Create(
PKIX_PL_Date *validity,
PKIX_PL_OcspCertID **object,
PKIX_PL_OcspCertID *cid = NULL;
PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_Create");
PKIX_NULLCHECK_TWO(cert, object);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_OCSPCERTID_TYPE,
sizeof (PKIX_PL_OcspCertID),
(PKIX_PL_Object **)&cid,
PKIX_COULDNOTCREATEOBJECT);
if (validity != NULL) {
PKIX_CHECK(pkix_pl_Date_GetPRTime(validity, &time, plContext),
PKIX_DATEGETPRTIMEFAILED);
cid->certID = CERT_CreateOCSPCertID(cert->nssCert, time);
PKIX_ERROR(PKIX_COULDNOTCREATEOBJECT);
PKIX_RETURN(OCSPCERTID);
* FUNCTION: PKIX_PL_OcspCertID_GetFreshCacheStatus
* This function may return cached OCSP results for the provided
* certificate, but only if stored information is still considered to be
* A certificate ID as used by OCSP
* Optional date parameter to request validity for a specific time.
* Output parameter; if the function succeeded in finding fresh cached
* information, this will be set to true. Must be non-NULL.
* The good/bad result stored in the cache. Must be non-NULL.
* "missingResponseError"
* If OCSP status is "bad", this variable may indicate the exact
* reason why the previous OCSP request had failed.
* Platform-specific context pointer.
* Returns NULL if the function succeeds.
* Returns an OcspCertID Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
PKIX_PL_OcspCertID_GetFreshCacheStatus(
PKIX_PL_OcspCertID *cid,
PKIX_PL_Date *validity,
PKIX_Boolean *hasFreshStatus,
PKIX_Boolean *statusIsGood,
SECErrorCodes *missingResponseError,
PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_GetFreshCacheStatus");
PKIX_NULLCHECK_THREE(cid, hasFreshStatus, statusIsGood);
if (validity != NULL) {
PKIX_CHECK(pkix_pl_Date_GetPRTime(validity, &time, plContext),
PKIX_DATEGETPRTIMEFAILED);
rv = ocsp_GetCachedOCSPResponseStatusIfFresh(
cid->certID, time, PR_TRUE, /*ignoreGlobalOcspFailureSetting*/
&rvOcsp, missingResponseError);
*hasFreshStatus = (rv == SECSuccess);
if (*hasFreshStatus) {
*statusIsGood = (rvOcsp == SECSuccess);
PKIX_RETURN(OCSPCERTID);
* FUNCTION: PKIX_PL_OcspCertID_RememberOCSPProcessingFailure
* Information about the current failure associated to the given certID
* will be remembered in the cache, potentially allowing future calls
* to prevent repetitive OCSP requests.
* After this function got called, it may no longer be safe to
* use the provided cid parameter, because ownership might have been
* transferred to the cache. This status will be recorded inside the
* The certificate ID associated to a failed OCSP processing.
* Platform-specific context pointer.
* Returns NULL if the function succeeds.
* Returns an OcspCertID Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
PKIX_PL_OcspCertID_RememberOCSPProcessingFailure(
PKIX_PL_OcspCertID *cid,
PRBool certIDWasConsumed = PR_FALSE;
PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_RememberOCSPProcessingFailure");
PKIX_NULLCHECK_TWO(cid, cid->certID);
cert_RememberOCSPProcessingFailure(cid->certID, &certIDWasConsumed);
if (certIDWasConsumed) {
PKIX_RETURN(OCSPCERTID);